On Fri, Dec 06, 2002, Stefan Kotes wrote:

> Openssl Team,
> I have one question regarding DER encoding of the SEQUENCE/SET components.
> According to the "A Layman's Guide to a Subset of ASN.1, BER, and DER"
> document, if the value of a SEQUENCE or SET component with DEFAULT qualifier
> is the default value, the encoding of that component is not supposed to be
> included in contents octets.
> Openssl does not seem to follow this rule with "version" member of
> structures like X509_CINF, OCSP_REQUEST, OCSP_RESPDATA. Is this ASN.1
> encoding behavior in openssl library by design or is it something you plan
> to change?
>

DEFAULT is handled in OpenSSL by using OPTIONAL and then handling things appropriately in any friendly wrappers that access the field. IIRC the actual rules only enforce omission of the field for DER and it can still be included for BER.

One reason for retaining this behaviour is that some broken encodings which are supposed to follow DER still include fields which have the default value. If OpenSSL always omitted the field then this would result in a different encoding, which would break signatures.

Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
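
Added example, not part of the original message and not OpenSSL code: a toy SEQUENCE with a "version [0] EXPLICIT INTEGER DEFAULT 0" field, encoded with and without the default value, showing why re-encoding a received structure changes the signed bytes. The structure, the function names, the serial value 0x1234 and the use of a SHA-256 digest as a stand-in for the signature input are all assumptions made for illustration.

```python
import hashlib

def tlv(tag: int, content: bytes) -> bytes:
    """DER tag-length-value, short-form length only (enough for this toy)."""
    if len(content) >= 0x80:
        raise ValueError("long-form length not implemented in this sketch")
    return bytes([tag, len(content)]) + content

def der_int(v: int) -> bytes:
    """Non-negative INTEGER, minimal length, leading 0x00 when the top bit is set."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def encode_tbs(serial: int, version: int = 0, emit_default: bool = False) -> bytes:
    """Toy SEQUENCE { version [0] EXPLICIT INTEGER DEFAULT 0, serial INTEGER }."""
    body = b""
    if version != 0 or emit_default:  # strict DER omits version when it is 0
        body += tlv(0xA0, der_int(version))
    return tlv(0x30, body + der_int(serial))

def read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos) for a short-form TLV at pos."""
    tag, n = buf[pos], buf[pos + 1]
    if n >= 0x80:
        raise ValueError("long-form length not implemented in this sketch")
    return tag, buf[pos + 2:pos + 2 + n], pos + 2 + n

def decode_tbs(der: bytes):
    """Parse version as OPTIONAL; supply the default 0 when it is absent."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, content, pos = read_tlv(body, 0)
    version = 0
    if tag == 0xA0:  # field present, even if it carries the default value
        version = int.from_bytes(read_tlv(content, 0)[1], "big")
        tag, content, _ = read_tlv(body, pos)
    return version, int.from_bytes(content, "big")

def digest_survives_reencode(received: bytes) -> bool:
    """True if decoding and re-encoding strictly keeps the bytes a signature covers."""
    version, serial = decode_tbs(received)
    reencoded = encode_tbs(serial, version)
    return hashlib.sha256(reencoded).digest() == hashlib.sha256(received).digest()

# Constructed sample encodings of the same abstract value (version 0, serial 0x1234).
STRICT = encode_tbs(0x1234)                      # default omitted, as DER requires
LENIENT = encode_tbs(0x1234, emit_default=True)  # default included by the encoder

if __name__ == "__main__":
    for name, der in (("strict", STRICT), ("lenient", LENIENT)):
        print(name, der.hex(), decode_tbs(der), digest_survives_reencode(der))
```

Both encodings decode to the same value, but only the strict one survives a decode and re-encode cycle unchanged, so a verifier has to check the signature over the bytes as received.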
